OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4b8da7b892
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4b8da7b892'
${ noResults }
aiforge/vendor/github.com/minio/minio-go/api-presigned.go

216 lines
7.1 kB
Raw Blame History 

  1. /*

  2.  * Minio Go Library for Amazon S3 Compatible Cloud Storage

  3.  * Copyright 2015-2017 Minio, Inc.

  4.  *

  5.  * Licensed under the Apache License, Version 2.0 (the "License");

  6.  * you may not use this file except in compliance with the License.

  7.  * You may obtain a copy of the License at

  8.  *

  9.  *     http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  */

  17. 

  18. package minio

  19. 

  20. import (

  21. 	"errors"

  22. 	"net/http"

  23. 	"net/url"

  24. 	"time"

  25. 

  26. 	"github.com/minio/minio-go/pkg/s3signer"

  27. 	"github.com/minio/minio-go/pkg/s3utils"

  28. )

  29. 

  30. // presignURL - Returns a presigned URL for an input 'method'.

  31. // Expires maximum is 7days - ie. 604800 and minimum is 1.

  32. func (c Client) presignURL(method string, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {

  33. 	// Input validation.

  34. 	if method == "" {

  35. 		return nil, ErrInvalidArgument("method cannot be empty.")

  36. 	}

  37. 	if err = s3utils.CheckValidBucketName(bucketName); err != nil {

  38. 		return nil, err

  39. 	}

  40. 	if err = isValidExpiry(expires); err != nil {

  41. 		return nil, err

  42. 	}

  43. 

  44. 	// Convert expires into seconds.

  45. 	expireSeconds := int64(expires / time.Second)

  46. 	reqMetadata := requestMetadata{

  47. 		presignURL:  true,

  48. 		bucketName:  bucketName,

  49. 		objectName:  objectName,

  50. 		expires:     expireSeconds,

  51. 		queryValues: reqParams,

  52. 	}

  53. 

  54. 	// Instantiate a new request.

  55. 	// Since expires is set newRequest will presign the request.

  56. 	var req *http.Request

  57. 	if req, err = c.newRequest(method, reqMetadata); err != nil {

  58. 		return nil, err

  59. 	}

  60. 	return req.URL, nil

  61. }

  62. 

  63. // PresignedGetObject - Returns a presigned URL to access an object

  64. // data without credentials. URL can have a maximum expiry of

  65. // upto 7days or a minimum of 1sec. Additionally you can override

  66. // a set of response headers using the query parameters.

  67. func (c Client) PresignedGetObject(bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {

  68. 	if err = s3utils.CheckValidObjectName(objectName); err != nil {

  69. 		return nil, err

  70. 	}

  71. 	return c.presignURL("GET", bucketName, objectName, expires, reqParams)

  72. }

  73. 

  74. // PresignedHeadObject - Returns a presigned URL to access object

  75. // metadata without credentials. URL can have a maximum expiry of

  76. // upto 7days or a minimum of 1sec. Additionally you can override

  77. // a set of response headers using the query parameters.

  78. func (c Client) PresignedHeadObject(bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {

  79. 	if err = s3utils.CheckValidObjectName(objectName); err != nil {

  80. 		return nil, err

  81. 	}

  82. 	return c.presignURL("HEAD", bucketName, objectName, expires, reqParams)

  83. }

  84. 

  85. // PresignedPutObject - Returns a presigned URL to upload an object

  86. // without credentials. URL can have a maximum expiry of upto 7days

  87. // or a minimum of 1sec.

  88. func (c Client) PresignedPutObject(bucketName string, objectName string, expires time.Duration) (u *url.URL, err error) {

  89. 	if err = s3utils.CheckValidObjectName(objectName); err != nil {

  90. 		return nil, err

  91. 	}

  92. 	return c.presignURL("PUT", bucketName, objectName, expires, nil)

  93. }

  94. 

  95. // Presign - returns a presigned URL for any http method of your choice

  96. // along with custom request params. URL can have a maximum expiry of

  97. // upto 7days or a minimum of 1sec.

  98. func (c Client) Presign(method string, bucketName string, objectName string, expires time.Duration, reqParams url.Values) (u *url.URL, err error) {

  99. 	return c.presignURL(method, bucketName, objectName, expires, reqParams)

  100. }

  101. 

  102. // PresignedPostPolicy - Returns POST urlString, form data to upload an object.

  103. func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[string]string, err error) {

  104. 	// Validate input arguments.

  105. 	if p.expiration.IsZero() {

  106. 		return nil, nil, errors.New("Expiration time must be specified")

  107. 	}

  108. 	if _, ok := p.formData["key"]; !ok {

  109. 		return nil, nil, errors.New("object key must be specified")

  110. 	}

  111. 	if _, ok := p.formData["bucket"]; !ok {

  112. 		return nil, nil, errors.New("bucket name must be specified")

  113. 	}

  114. 

  115. 	bucketName := p.formData["bucket"]

  116. 	// Fetch the bucket location.

  117. 	location, err := c.getBucketLocation(bucketName)

  118. 	if err != nil {

  119. 		return nil, nil, err

  120. 	}

  121. 

  122. 	isVirtualHost := c.isVirtualHostStyleRequest(*c.endpointURL, bucketName)

  123. 

  124. 	u, err = c.makeTargetURL(bucketName, "", location, isVirtualHost, nil)

  125. 	if err != nil {

  126. 		return nil, nil, err

  127. 	}

  128. 

  129. 	// Get credentials from the configured credentials provider.

  130. 	credValues, err := c.credsProvider.Get()

  131. 	if err != nil {

  132. 		return nil, nil, err

  133. 	}

  134. 

  135. 	var (

  136. 		signerType      = credValues.SignerType

  137. 		sessionToken    = credValues.SessionToken

  138. 		accessKeyID     = credValues.AccessKeyID

  139. 		secretAccessKey = credValues.SecretAccessKey

  140. 	)

  141. 

  142. 	if signerType.IsAnonymous() {

  143. 		return nil, nil, ErrInvalidArgument("Presigned operations are not supported for anonymous credentials")

  144. 	}

  145. 

  146. 	// Keep time.

  147. 	t := time.Now().UTC()

  148. 	// For signature version '2' handle here.

  149. 	if signerType.IsV2() {

  150. 		policyBase64 := p.base64()

  151. 		p.formData["policy"] = policyBase64

  152. 		// For Google endpoint set this value to be 'GoogleAccessId'.

  153. 		if s3utils.IsGoogleEndpoint(*c.endpointURL) {

  154. 			p.formData["GoogleAccessId"] = accessKeyID

  155. 		} else {

  156. 			// For all other endpoints set this value to be 'AWSAccessKeyId'.

  157. 			p.formData["AWSAccessKeyId"] = accessKeyID

  158. 		}

  159. 		// Sign the policy.

  160. 		p.formData["signature"] = s3signer.PostPresignSignatureV2(policyBase64, secretAccessKey)

  161. 		return u, p.formData, nil

  162. 	}

  163. 

  164. 	// Add date policy.

  165. 	if err = p.addNewPolicy(policyCondition{

  166. 		matchType: "eq",

  167. 		condition: "$x-amz-date",

  168. 		value:     t.Format(iso8601DateFormat),

  169. 	}); err != nil {

  170. 		return nil, nil, err

  171. 	}

  172. 

  173. 	// Add algorithm policy.

  174. 	if err = p.addNewPolicy(policyCondition{

  175. 		matchType: "eq",

  176. 		condition: "$x-amz-algorithm",

  177. 		value:     signV4Algorithm,

  178. 	}); err != nil {

  179. 		return nil, nil, err

  180. 	}

  181. 

  182. 	// Add a credential policy.

  183. 	credential := s3signer.GetCredential(accessKeyID, location, t)

  184. 	if err = p.addNewPolicy(policyCondition{

  185. 		matchType: "eq",

  186. 		condition: "$x-amz-credential",

  187. 		value:     credential,

  188. 	}); err != nil {

  189. 		return nil, nil, err

  190. 	}

  191. 

  192. 	if sessionToken != "" {

  193. 		if err = p.addNewPolicy(policyCondition{

  194. 			matchType: "eq",

  195. 			condition: "$x-amz-security-token",

  196. 			value:     sessionToken,

  197. 		}); err != nil {

  198. 			return nil, nil, err

  199. 		}

  200. 	}

  201. 

  202. 	// Get base64 encoded policy.

  203. 	policyBase64 := p.base64()

  204. 

  205. 	// Fill in the form data.

  206. 	p.formData["policy"] = policyBase64

  207. 	p.formData["x-amz-algorithm"] = signV4Algorithm

  208. 	p.formData["x-amz-credential"] = credential

  209. 	p.formData["x-amz-date"] = t.Format(iso8601DateFormat)

  210. 	if sessionToken != "" {

  211. 		p.formData["x-amz-security-token"] = sessionToken

  212. 	}

  213. 	p.formData["x-amz-signature"] = s3signer.PostPresignSignatureV4(policyBase64, t, secretAccessKey, location)

  214. 	return u, p.formData, nil

  215. }